-- The MAILING DATE of this communication appears on the cover sheet with the correspondence address -- 
Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 



- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 



3) [ ] Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 
closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213. 

Disposition of Claims 

4) [X] Claim(s) 1-39 is/are pending in the application. 

4a) Of the above claim(s) 38, 39 is/are withdrawn from consideration. 

5) [ ] Claim(s) is/are allowed. 

6) [ ] Claim(s) 7-23, 25-36 is/are rejected. 

7) [X] Claim(s) 24 and 37 is/are objected to. 

8) [ ] Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) [ ] The specification is objected to by the Examiner. 

10) [ ] The drawing(s) filed on is/are: a) [ ] accepted or b) [ ] objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

11) [ ] The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12) [ ] Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f). 
a) [ ] All b) [ ] Some * c) [ ] None of: 

1. [ ] Certified copies of the priority documents have been received. 

2. [ ] Certified copies of the priority documents have been received in Application No. . 

3. [ ] Copies of the certified copies of the priority documents have been received in this National Stage 
application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 



Status 



1) [X] Responsive to communication(s) filed on 14 April 2004. 
2a) [ ] This action is FINAL. 2b) [X] This action is non-final. 



Attachment(s) 

1) [X] Notice of References Cited (PTO-892) 

2) [ ] Notice of Draftsperson's Patent Drawing Review (PTO-948) 

3) [ ] Information Disclosure Statement(s) (PTO-1449 or PTO/SB/08) 
Paper No(s)/Mail Date. 

4) [ ] Interview Summary (PTO-413) 
Paper No(s)/Mail Date. 

5) [ ] Notice of Informal Patent Application (PTO-152) 

6) [ ] Other: . 



U.S. Patent and Trademark Office 
PTOL-326 (Rev. 1-04) 



Office Action Summary 
DETAILED ACTION 



Claims 1-37 are pending. 



Priority 



The effective filing date for the subject matter defined in the pending claims in the 
application is July 20, 2000. 

Election/Restrictions 

Claims 38 and 39 are withdrawn from further consideration pursuant to 37 CFR 1.142(b), 
as being drawn to a nonelected invention, there being no allowable generic or linking claim. 
Applicant timely traversed the restriction (election) requirement in the reply filed on April 14, 
2004. 

Claim Objections 

Claim 37 is objected to because of the following informalities: 

Claim 37 is an exact repeat of claim 34. 

Appropriate correction is required. 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 


Application/Control Number: 09/620,047 
Art Unit: 2153 



Page 3 



Claims 1-23 and 25-36 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Reed et al. (US 5,903,732) in view of Blakley, III et al. (US 6,067,623). 

In referring to claims 1 and 25, Reed discloses a method for a gateway agent on a secure 
web platform for implementing access control policies to fulfill a user's web browser HTTP 
request. The web platform employs compartments consisting of outside and inside 
compartments in order to separate access control policy. Reed shows: 

Transmitting a received call (HTTP request) from said Internet visible web server (210) 
to a Gateway CGI (235) (col. 4 lines 34-39), 

Transferring, via said Gateway CGI, Internet visible Web server the call to any Gateway 
CGI program (237), 

Extracting and packaging said call by said Gateway CGI program into an Encoded 
Request Package with sufficient information to reconstruct the call (col. 6 lines 14-23), 

Establishing, via said Gateway CGI, a socket to communicate with an instance of a 
second server (240) in a secure part of said computer system (col. 6 lines 15-18), 

Transmitting information embodied in the original request in said ERP to said ACM (col. 
6 lines 20-24) 

Reconstructing said call by said ACM (col. 6 lines 25-30), 
Attempting to verify access privileges for said call (col. 6 lines 31-35), 
Although Reed shows substantial features of the claimed invention, Reed does not 
particularly point out retrieving and forwarding item requested by said call via Internet visible 
web server. Nonetheless this feature is well known in the art, and would have been an obvious 
modification to the system disclosed by Reed as shown by Blakley. 
In an analogous art, Blakley shows a system for secure web server access via gateway. A 
middle tiered server authenticates users access to server causing mapping of credentials to a 
specific enterprise resource. Blakley shows, 

Access privileges are verified, retrieving, by said ACM (140), said item requested by said 
call (col. 5 lines 17-22), 

Forwarding said item to said Internet visible web server (col. 5 lines 25-27), 

Sending said item to said Gateway CGI across said socket (col. 5 lines 25-27), 

Serving said item in a message to said web browser from said Internet visible web server 
(col. 5 lines 23-30). 

Given these features, a person of ordinary skill in the art would have readily recognized 
the desirability and advantages of modifying the system shown by Reed to employ the features 
shown by Blakley, in order to authenticate access to a number of specific enterprise resources 
through a single authentication (col. 2 lines 57-67). 

In referring to claim 2, Reed shows wherein transmitting of received call from web server 
to Gateway CGI occurs within a single computer system (fig. 2, col. 4 lines 34-39) 

In referring to claim 3, 14, and 26, Reed shows establishing step occurring by first 
signaling from said Gateway CGI to a Daemon in said secure part of said computer system 
across an establishment socket to which said Daemon is attuned, establishing an instance of said 
ACM by said Daemon and attaching said ACM to a communications socket through which all 
further communications between said ACM and Gateway CGI shall occur (col. 6 lines 1-13). 
In referring to claim 4, Reed shows encrypted signaling and communications (col. 2 lines 
6-11). 

In referring to claim 5, Reed shows signaling that does not contain ERP (col. 6 lines 15-17). 

In referring to claim 6, Reed shows signaling that does not contain ERP (col. 6 lines 15-17) 
and wherein said establishing of an instance of said ACM by said Daemon includes transfer 
of said ERP to said ACM (col. 6 lines 25-27). 

In referring to claim 7, Reed shows wherein ACM (240) does the verification and if the 
ACM fails to verify the call the ACM terminates (col. 6 lines 37-39). 

In referring to claim 8 and 9, Blakley shows ACM does the verification and if the ACM 
fails to verify the call, the ACM returns a request for a log-on (col. 5 lines 17-22). 

In referring to claim 10, Reed shows ACM does verification and if the ACM fails to 
verify the call, the ACM communicates this failure to said Gateway CGI and awaits further 
verification information (col. 6 lines 36-48). 

In referring to claim 11 and 16, Reed shows activating a CGI on said secure system (225, 
col. 38-46). 

In referring to claim 12, Reed shows: 

Establishing an internet visible web server (210) to receive calls from web browser on the 
internet, and receiving calls (col. 4 lines 34-39), 
Relaying said calls to a Gateway CGI (235) on a same computer system with said IVW 
server (col. 5 lines 56-64), 

Packaging information from said calls into an Encoded Request Packet sufficient to 
reconstruct said calls from said ERP (col. 6 lines 14-23), 

Establishing a communications channel between said Gateway CGI (235) and Access 
Control Management program (230, 240) on said secure computer system (col. 5 lines 56-64, 
col. 6 lines 15-18), 

Authenticating the call (col. 6 lines 28-30), 

Sending the ERP to said ACM program (col. 6 lines 18-20) 

Reconstructing the call by said ACM program (col. 6 lines 25-27), 

Executing the call by the ACM program (col. 6 lines 25-30) 

Although Reed shows substantial features of the claimed invention, Reed does not 
particularly point out retrieving and forwarding results via Internet visible web server. 
Nonetheless this feature is well known in the art, and would have been an obvious modification 
to the system disclosed by Reed as shown by Blakley. 

In an analogous art, Blakley shows, 

Sending a result from said call execution to said Gateway CGI (col. 5 lines 25-27), 
Providing said results to said Internet visible web server (col. 5 lines 25-27), 
Sending said results to said web browser (col. 5 lines 23-30). 

Given these features, a person of ordinary skill in the art would have readily recognized 
the desirability and advantages of modifying the system shown by Reed to employ the features 
shown by Blakley, in order to authenticate access to a number of specific enterprise resources 
through a single authentication (col. 2 lines 57-67). 

In referring to claim 13 and 23, Reed shows a system for receiving step comprising 
receiving a call at a dispatcher, selecting a one of a set of IVW servers by said dispatcher, and 
sending said call to said selected one by said dispatcher (col 3 lines 57-65), 

In referring to claim 15, Reed shows Daemon signals said Gateway CGI information 
regarding the communications socket (col. 6 lines 1-13). 

In referring to claim 17, Reed shows activated CGI as a session controller for a database 
and wherein said session controller maintains an open session for a user to use data in a working 
database (col 5 lines 23-25). 

In referring to claim 18, Reed shows working database is not located on said secure 
computer system but on an intranet and said session controller maintains an open session through 
an intranet firewall (fig. 2, "intranet", col. 8 lines 1-4). 

In referring to claim 19, Reed shows authenticating requiring matching of information 
transferred by the web browser to expected information (col. 6 lines 31-35). 

In referring to claim 20, Reed shows a session controller further authenticating the call 
(step 335, col. 6 lines 25-36). 

In referring to claim 21, Reed shows secure computer system maintains a user database 
for containing at least some of said expected information (col. 5 lines 23-25, fig. 2 database). 

In referring to claim 22, Reed shows the executing step including retrieving files, 
including those file types in the set from said secure computer system. 
In referring to claim 25, 32, and 33, Reed shows a secure web platform having two 
compartments, outside and inside for implementing access control policies (see abstract, fig. 2). 
Reed shows, 

A first computer system having a web server for receiving at least one of said calls from 
said web browser and serving said web browser with messages through said internet network 
(col. 4 lines 34-39), 

A gateway CGI program for receiving a call from said web browser (col. 5 lines 56-61). 

Establishing a communications channel between said Gateway CGI (235) and Access 
Control Management program (230, 240) on said secure computer system (col. 5 lines 56-64, 
col. 6 lines 15-18), 

Said ACM in said secure internal zone (inside) having a program for receiving said 
request, and converting the request into a call, and a program for authenticating said request (col. 
6 lines 18-30) 

Although Reed shows substantial features of the claimed invention, Reed does not show 
extracting identification information and URL information for said call. Nonetheless this feature 
is well known in the art, and would have been an obvious modification to the system disclosed 
by Reed as evidenced by Blakley. 

In an analogous art, Blakley shows, 

A program having program elements to extract identification information and URL 
information from said call, having a packaging program to produce an Encoded Request Package 
from said call and having a connection element for sending said ERP to a web server-like Access 
Control Manager (240) in said internal zone (col. 4 lines 18-41). 
A program for retrieving information available to said ACM within said internal zone and 
for sending said information to said Gateway (middle tiered server) (col. 5 lines 23-30). 

Given these features, a person of ordinary skill in the art would have readily recognized 
the desirability and advantages of modifying the system shown by Reed to employ the features 
shown by Blakley, in order to authenticate access to a number of specific enterprise resources 
through a single authentication (col. 2 lines 57-67). 

In referring to claim 27, Reed shows generating process further comprising reassignment 
program for connecting said ACM to a communication port (col. 6 lines 1-13). 

In referring to claim 28, Reed shows said reassignment program further comprises 
Gateway CGI communication process for sending a message to said Gateway CGI to indicate 
that said ACM has been assigned to said communications port (col. 6 lines 9-13). 

In referring to claim 29, Reed shows a dispatcher unit and wherein said first computer 
system is a pool of computers each having a web server and a Gateway CGI (col. 3 lines 57-65). 

In referring to claim 30, Reed shows ACM program for retrieving information comprises 
program means for sending said call to a CGI in said secure zone (col. 6 lines 15-24). 

In referring to claim 31, Blakley shows ACM program for retrieving information 
comprises program means for retrieving data requested in said call from said secure zone (col. 5 
lines 23-30). 

In referring to claim 34, Reed shows process comprising signaling process for 
establishing a communication socket through which to communicate with said second web server 
(col. 6 lines 1-13). 
In referring to claims 35 and 36, Reed shows sending process comprises encryption 
process for encrypting a package and receiving process for decryption process for decrypting 
said reply message (col. 2 lines 6-11). 

Allowable Subject Matter 
Claim 24 is objected to as being dependent upon a rejected base claim, but would be 
allowable if rewritten in independent form including all of the limitations of the base claim and 
any intervening claims. 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Anita Choudhary whose telephone number is (703) 305-5268. 
The examiner can normally be reached on 9am-5pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Glenton Burgess can be reached on (703) 305-4792. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 